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Certificate ::= SEQUENCE { 

tbsCertif icate TBSCertif icate , 

signatureAlgorithm Algorithmldentif ier , 

signature BIT STRING } 



: = SEQUENCE { 



TBSCertif icate 

version [0] 
serialNumber 
signature 
issuer 
validity- 
subject 

sub j ectPublicKeylnf o 
issuerUniquelD [1] 
subjectUniquelD [2] 
extensions [3] 



Version DEFAULT vl, 

Cert if icateSerialNumber , 

Algorithmldentif ier , 

Name , 

Validity, 

Name, 

Subj ectPublicKeylnf o, 
IMPLICIT Uniqueldentif ier OPTIONAL, 
IMPLICIT Uniqueldentif ier OPTIONAL, 
Extensions OPTIONAL } 



Version :: = INTEGER { 
Cert if icateSerialNumber 



vl (0) , v2 (1) , v3 (2) 
: : = INTEGER 



} 



Validity ::= SEQUENCE { 
notBef ore 
notAf ter 

Time : : = CHOICE { 
utcTime 
generalTime 

Uniqueldentif ier : : 



Time , 
Time } 



UTCTime , 

General izedTime } 



BIT STRING 



Subj ectPublicKeylnf o ::= SEQUENCE { 

algorithm Algorithmldentif ier , 

subjectPublicKey BIT STRING } 

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 



Extension : : = 
extnID 
critical 
extnValue 



SEQUENCE { 



OBJECT IDENTIFIER, 
BOOLEAN DEFAULT FALSE, 
OCTET STRING } 



FIG. 5 A 

(PRIOR ART) 



U.S. Serial Number 09/734,809 Atty. Docket # AUS9-2000-0799-US1 

•i Benantar 
system for a secure binding of a certificate to 

its corresponding certificate revocation list 



5/6 



CertificateList ::= SEQUENCE { 

tbsCertList TBSCertList, 
signatureAlgorithm Algorithmldentifier, 
signatureValue BIT STRING } 



TBSCertList ::= SEQUENCE { 

version Version OPTIONAL, 

signature Algorithmldentifier, 
issuer Name, 
thisUpdate Time, 
nextUpdate Time OPTIONAL, 

revokedCertificates SEQUENCE OF SEQUENCE { 

userCertificate CertificateSerialNumber, 

revocation Date Time, 

crl Entry Extensions Extensions OPTIONAL 
} OPTIONAL, 

crIExtensions [0] EXPLICIT Extensions OPTIONAL 

} 
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certFingerprint ::= SEQUENCE OF SEQUENCE { 
algorithm Algorithmldentifier, 
fingerprint octet string 

} 
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